Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2e3aaa7d authored Jun 17, 2015 by Alex Klyubin

Remove unnecessary PKCS#1 authorization on legacy keys.

There is no need to authorize PKCS#1 signature padding scheme when
NONE padding scheme is authorized. NONE authorizes the use of any
padding scheme.

Bug: 18088752
Change-Id: I73ccb373d577c988acde372d972092278923c4e4

parent 97f4d3b4

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+2 −3

Original line number	Diff line number	Diff line
		@@ -226,9 +226,8 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		\| KeyProperties.PURPOSE_VERIFY);
		// Authorized to be used with any digest (including no digest).
		specBuilder.setDigests(KeyProperties.DIGEST_NONE);
		specBuilder.setSignaturePaddings(
		KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
		// Authorized to be used with any padding (including no padding).
		// Authorized to be used with any encryption and signature padding
		// scheme (including no padding).
		specBuilder.setEncryptionPaddings(
		KeyProperties.ENCRYPTION_PADDING_NONE);
		// Disable randomized encryption requirement to support encryption

keystore/java/android/security/keystore/AndroidKeyStoreSpi.java

+2 −3

Original line number	Diff line number	Diff line
		@@ -258,9 +258,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
		\| KeyProperties.PURPOSE_VERIFY);
		// Authorized to be used with any digest (including no digest).
		specBuilder.setDigests(KeyProperties.DIGEST_NONE);
		specBuilder.setSignaturePaddings(
		KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
		// Authorized to be used with any padding (including no padding).
		// Authorized to be used with any encryption and signature padding scheme (including no
		// padding).
		specBuilder.setEncryptionPaddings(
		KeyProperties.ENCRYPTION_PADDING_NONE);
		// Disable randomized encryption requirement to support encryption padding NONE